Xcel Energy Inc Data Breach (2013)

Xcel E~nergyhas determined that, approximately two weeks ago, a memper of its team responsible for proccssing employee access to Xcel Energy facilities sent an e-mail and spreadsheet attachment to another team member. The spreadsheet contained the name and Social Security number of a ~umberof employees, including approximately 4New Hampshire residents. The recipient ofthis e-mail then fo~wardedthe same e-mail and attachment to 6ther Xcel Energy managers as part of an employee training status update. Although all of these managers need'ed some of this information to perform their responsibilities, not ~llof the managers needed access to employee Social Security numbers. The inbividual who made the initial mistake reported it immediately to Xeel Energy's information technology sec~rityteam. We believe that all ofthe e-mails containing the spre~dsheetwere either successfully recalled or deldted from the system. We also believe, based on scans and other tests conducted by Xcel Energy's IT seturity team, that none ofthe e-mails were forwarded to non-emplbyees and none were forwarded outside Xcel E~ergy'scomputer network. We have notified affected individualJ by written notice.